From 76d17bfd0f84fb42e71fe262cb056def533a71b1 Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Tue, 16 Aug 2016 18:40:05 -0700
Subject: [PATCH] Avoid modifying parsed ssl_options

---
 certbot-nginx/certbot_nginx/configurator.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/certbot-nginx/certbot_nginx/configurator.py b/certbot-nginx/certbot_nginx/configurator.py
index 5e415bce6..1a14a3866 100644
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -338,16 +338,14 @@ class NginxConfigurator(common.Plugin):
         """
         snakeoil_cert, snakeoil_key = self._get_snakeoil_paths()
 
-        options_subblock = self.parser.loc["ssl_options"]
         # the options file doesn't have a newline at the beginning, but there
         # needs to be one when it's dropped into the file
-        if options_subblock and "\n" not in options_subblock[0]:
-            options_subblock[0].insert(0, "\n")
         ssl_block = (
             [['\n    ', 'listen', ' ', '{0} ssl'.format(self.config.tls_sni_01_port)],
              ['\n    ', 'ssl_certificate', ' ', snakeoil_cert],
-             ['\n    ', 'ssl_certificate_key', ' ', snakeoil_key]] +
-            options_subblock)
+             ['\n    ', 'ssl_certificate_key', ' ', snakeoil_key],
+             ['\n']] +
+            self.parser.loc["ssl_options"])
 
         self.parser.add_server_directives(
             vhost.filep, vhost.names, ssl_block, replace=False)